How to restrict the use of arguments with directives?

[Lolobstant]

Hello!

First of all thanks for all the work and awesome tooling !

And here to my problem, I'm trying to port a directive that i've created with graphql-tools v4 to v8. (precisely from apollo-server v2 to v3)
So far so good, but I also use this directive on argument définition to restrict their use to certain user, ex:

Type Query {
   myField(myArgument: String @authorize(role: ADMIN))
}

on v4 visitArgumentDefinition would give the field on which the argument was passed as parameters, making it possible to wrap its resolver with a condition.
For instance a condition that would check the user has the right permission when using the argument ex:

visitArgumentDefinition(argument, details) {
   const { resolve: defaultResolver } = defails.field;
   const directiveArgument = this.args;

   details.field.resolve =  function(...resolverArgs) {
     const [source, input, cts] = resolverArgs;
     if (input[argument.name] && !ctx.user.hasRole(directiveArgument)) throw "UNAUTHORIZED";
    return defaultResolver(...resolverArgs);
   }
}

today using the MapperKind where I'm currently stuck:

function directiveTransform(schema) {
    return mapSchema(schema, {
        [MapperKind.ARGUMENT]: (argumentConfig, fieldName, fieldType) => {
           // try to get Field from fieldName
        } 
    })
}

Is there a better way to restrict the use of an argument, or simply a way to get a field from it's name ?
What would you advise ?

Thank you for your help !

[naviDevOnGit]

Have you found a solution? I have the same problem right now.

[n1ru4l]

You will need to have to wrap the field resolvers and add validation for the fields like the following.

import { mapSchema, MapperKind } from '@graphql-tools/utils';
import { schema } from './schema.js';

mapSchema(schema, {
  [MapperKind.OBJECT_FIELD]: fieldConfig => {
    // try to get Field from fieldName
    if (fieldConfig.args != null) {
      // TODO recursively check arguments and wrap resolver function
      for (const [_name, field] of Object.entries(fieldConfig.args)) {
        const _node = field.astNode?.directives?.find(directive => directive.name.value === 'authorize');
        // TODO: gather information on what you want to do in that case
      }

      return {
        ...fieldConfig,
        resolve: (root, args, context, info) => {
          // TODO apply validation here before forwarding to the original resolver

          return fieldConfig.resolve?.(root, args, context, info);
        },
      };
    }

    return fieldConfig;
  },
});